How to Configure TERADATA TDP (Teradata Director Program) in TSS ?

Document ID : KB000126399
Last Modified Date : 11/02/2019
Show Technical Document Details
Introduction:

In order to Set up and use the Security Logon Function of the Teradata Director Program, it is necessary to follow some procedures.
One of these procedures is to set up the external security manager to work with the TDP security logon function.

The commands for RACF are:

a)    Create user profiles in the FACILITY class with a universal access code of NONE to regulate logons. Note, in the following example, that the first qualifier of the resource name specifies the TDPid, and the second qualifier specifies the DBC user logon name:

RDEFINE FACILITY TDP9.TEST01 UACC(NONE)

RDEFINE FACILITY TDP0.BIG_DBC_USER_NAME    - UACC(NONE)

RDEFINE FACILITY TDPX.PAYROLL977263 -   UACC(NONE)

b)    Give each user the appropriate status authority to the FACILITY profile. READ is sufficient, as in the following examples:

PERMIT UACC(READ) USER(TSO0997) -   PROFILE(TDP9.TEST01) CLASS(FACILITY)

PERMIT UACC(READ) USER(TSO0998) -   PROFILE(TDP0.DBC_BIG_USER_NAME) -

  CLASS(FACILITY)

PERMIT UACC(READ) USER(TSO0999) -   PROFILE(TDPX.PAYROLL977263) - CLASS(FACILITY)

c)    If not already activated, activate the FACILITY class:

SETROPTS CLASSACT(FACILITY)

 

Question:
What are the commands to implement this with CA Top Secret?
Environment:
CA Top Secret 16.0
Teradata Director Program 15.10
Answer:
a- Create user profiles in the FACILITY class with a universal access code of NONE to regulate logons. Note, in the following example, that the first qualifier of the resource name specifies the TDPid, and the second qualifier specifies the DBC user logon name: 
RDEFINE FACILITY TDP9.TEST01 UACC(NONE) 
RDEFINE FACILITY TDP0.BIG_DBC_USER_NAME  - UACC(NONE) 
RDEFINE FACILITY TDPX.PAYROLL977263 - UACC(NONE) 

The TSS Commands are: 

TSS ADDTO(dept) IBMFAC(TDP9.TES) 
TSS ADDTO(dept) IBMFAC(TDP0.BIG) 
TSS ADDTO(dept) IBMFAC(TDPX.PAY) 

Notes:
- The maximum length of the resource name in the TSS ADD command for the IBMFAC resource class is 8 Characters. 
- According to the RACF instructions, the second qualifier is the DBC user logon name, so in order to use a second qualifier that is different than the one in the sample, modify the TSS commands above to use the correct second qualifier. 

b- Give each user the appropriate status authority to the FACILITY profile. READ is sufficient, as in the following examples: 
PERMIT UACC(READ) USER(TSO0997) PROFILE(TDP9.TEST01) CLASS(FACILITY) 
PERMIT UACC(READ) USER(TSO0998) PROFILE(TDP0.DBC_BIG_USER_NAME) CLASS(FACILITY) 
PERMIT UACC(READ) USER(TSO0999) PROFILE(TDPX.PAYROLL977263) CLASS(FACILITY) 

The TSS Commands are: 
TSS PER(TSO0997) IBMFAC(TDP9.TEST01) ACCESS(READ) 
TSS PER(TSO0998) IBMFAC(TDP0.DBC_BIG_USER_NAME) ACCESS(READ) 
TSS PER(TSO0999) IBMFAC(TDPX.PAYROLL977263) ACCESS(READ) 

Note: Just like the Notes in the previous section, modify the qualifiers in the IBMFAC resource names if necessary.  

c)    If not already activated, activate the FACILITY class:

SETROPTS CLASSACT(FACILITY)

There is no TSS equivalent for this command.